Anti-Phishing Training Data Show Why an Advanced Spam Filter is Essential

Anti-phishing training can help an organization improve its security posture. However, even with training on phishing email identification, employees still fail to spot many email scams. Anti-phishing training alone is insufficient to prevent successful phishing attacks.

The Threat from Phishing is Growing

Your business is likely to be bombarded with phishing emails, especially at this time of year. Tax season sees millions of emails sent to businesses by cybercriminals who want access to employees’ W-2 Forms. However, phishing is a year-round problem. It has been estimated that an astonishing 156 million phishing emails are now being sent every single day.

As we have already seen this year, phishing scams can be highly convincing. Many businesses have discovered employees have responded to these scams in the belief that the email requests are genuine. The cost of those phishing attacks can be considerable for businesses, their customers and their employees.

Anti-Phishing Training Alone will Not Prevent Successful Phishing Attacks

To ensure employees are prepared, many businesses provide employees with anti-phishing training. They teach staff members how to identify phishing scams and the tell-tale signs that email requests are not genuine.

How effective is anti-phishing training? A recent analysis by Diligent showed that the average score on its phishing test was 76%. That means employees are failing to identify phishing scams 24% of the time and all it takes is one response to a phishing email for an employee’s email account to be compromised, a network login to be handed to cybercriminals, or the W-2 Forms of an entire workforce to be emailed to tax fraudsters.

Fortunately, as PhishMe’s data shows, with practice, employees get much better at identifying phishing emails. Providing training and conducting follow up tests using dummy phishing emails helps to show where training has failed. This allows organizations to provide further training to employees whose phishing email identification skills are poor. However, even with training and testing it will never be possible to ensure that 100% of employees identify 100% of phishing emails 100% of the time.

The Best Phishing Defense is to Prevent Phishing Emails from Being Delivered

Training should be provided and employees’ anti-phishing skills should be tested with dummy phishing exercises, but organizations should ensure that phishing emails are not delivered to end users’ inboxes. That means an advanced, powerful spam filtering solution is required.

SpamTitan blocks 99.97% of spam emails from being delivered. SpamTitan also includes a powerful anti-phishing component to block phishing attacks. However, blocking potentially malicious emails is only part of the story. It is also important to choose a solution that does not prevent genuine emails from being delivered.

Independent tests by VB Bulletin confirm SpamTitan has a consistently low false positive rate. Only 0.03% of genuine emails trigger SpamTitan’s anti-spam filters. The excellent catch rates and low false positives have seen SpamTitan win 36 consecutive VB Bulletin Anti-Spam Awards.

SpamTitan is available as a gateway appliance or a cloud-based solution, with both requiring minimal IT support. To suit the needs of service providers, the cloud-based version is available in a private cloud and is supplied in white-label format ready for rebranding.

The cost-effective solution is easy to implement, use and maintain and can be used to protect a limitless number of email accounts.

If you want to keep your employees’ inboxes free from phishing emails, malware, and ransomware, call the TitanHQ Sales Team today and say a fond farewell to email spam.

School Phishing Email Attack Highlights Need for Powerful Anti-Spam Solution

Another school phishing email attack has resulted in the W-2 Form data of school employees being emailed to tax fraudsters. This time, it was employees of Mercer County Schools in West Virginia whose data have been compromised.

The FBI has been called in to investigate the W-2 phishing scam and the IRS has been notified of the incident, while affected employees have been offered services to help them protect their identities.

The school phishing email attack is just one of many such attacks that have occurred this year. While businesses have been extensively targeted in the past, phishing attacks on schools are now commonplace. The problem has become so severe that the IRS recently issued a warning to schools of the risk of phishing email attacks, saying “This is one of the most dangerous email phishing scams we’ve seen in a long time.”

The Mercer County School District phishing attack was almost a carbon copy of many other tax season attacks this year. Already, there have been more than 29,000 victims of these attacks and there is still two months of tax season remaining.

The school phishing email attack involved the sending of an email to an employee in the HR/payroll department requesting a copy of W-2 Forms for all employees that worked in the previous fiscal year. The email was sent from an email account that was very similar to that used by the chief supervisor.

The email contained a slight variation from the genuine email address, which was enough to fool the recipient into thinking the email had been sent from the supervisor’s account. The employee then sent the W-2 forms of 1,800 staff members to the attackers as requested.

Databreaches.net has been tracking this year’s W-2 phishing scams and is maintaining a list of all organizations that have been scammed into revealing W-2 Form data. The list shows that school districts are being extensively targeted.  Successful W-2 phishing attacks have been reported by the following schools and school districts in the past 6 weeks:

  • Argyle School District, TX
  • Belton Independent School District, TX
  • Bloomington Public Schools, MN
  • College of Southern Idaho, ID
  • Davidson County Schools, NC
  • Dracut Schools, MA
  • Lexington School District 2, SC
  • Manatee County School District, FL
  • Mohave Community College, AZ
  • Morton School District, IL
  • Odessa School District, WA
  • Tipton County Schools, TN

The Manatee County School District phishing attack resulted in the W-2 Form data of 7,900 employees being emailed to the scammers: The biggest school phishing email attack of the year to date. The Bloomington Public Schools attack also resulted in thousands of employees’ W-2 Forms being disclosed.

There are a number of measures that can be taken to reduce the risk of phishing attacks such as these. Training should be provided to HR and payroll staff and they should be instructed to carefully check senders’ email addresses to ensure the correct account has been used. Policies should also be developed requiring any W-2 Form requests to be verified with the sender via the telephone, using previously confirmed contact details.

It is also essential to implement a spam filtering solution with a powerful anti-phishing component. This will help to ensure that the emails are not delivered to inboxes. A spam filtering solution will also block malware and ransomware emails from being delivered. The latter types of malicious emails have also been a major problem for school districts over the past year.

An often forgotten anti-phishing measure is a web filter. Web filters block the web-based component of phishing attacks. If a link is clicked in a phishing email, the web filter will prevent the website from being accessed where credentials are harvested.

For more information on improving your defenses against phishing, give the TitanHQ team a call. The team will talk you through your options and will be able to help get you started with a free trial of SpamTitan Email Security and the WebTitan Web Filtering solution.

What are the Benefits of Cloud-Based Email Archiving?

Email archiving is essential for most businesses; however, many businesses are not using a cloud-based email archiving solution. In fact, a large number rely on email backups, even though backups are impractical and data loss is a very real concern. But what are the benefits of secure, cloud-based email archiving over backups?

Loss of Email Simply isn’t an Option

Hillary Clinton could easily explain one of the most important benefits of a cloud-based email archiving solution. If an email archive is stored locally, should the device on which that archive is stored be lost or stolen, the entire archive would never be seen again. That is exactly what happened last year.

Donald Trump was quick to criticize Hillary Clinton. Not only was that archive lost, it could potentially have been accessed by an unauthorized individual. Donald Trump is keen not to make a similar mistake. He has reportedly started using a messaging app that deletes all messages once they have been read. Such an app would certainly prevent accidental disclosure, although it would not be an option for many businesses as regulations require emails to be kept for a number of years.

Loss of email is simply not an option in regulated industries. Big fines await companies who do not archive or backup their emails. Emails must be securely stored and made available to auditors or organizations will be in violation of the Sarbanes-Oxley Act, FINRA, HIPAA, and the Gramm-Leach-Billey Act to name but a few. If a backup or local email archive is lost, the consequences can be severe.

Take healthcare organizations for example. If a laptop computer is stolen and email backups containing electronic protected health information were on the device, those data could potentially be accessed by an unauthorized individual. That would be a violation of HIPAA Rules. The Office for Civil Rights could easily fine a healthcare organization millions of dollars for such a data breach. If emails are archived and stored in the cloud, such a breach would not occur in the event of device loss or theft.

Emails Must Be Found Quickly for Legal Discovery and GDPR

If a lawsuit is filed against a company, it may be necessary to provide copies of emails as part of legal discovery. While many companies store old emails in backups, searching for emails can be a difficult, expensive and long-winded process. For an average-sized organization searching for emails could take weeks, even though emails need to be found in minutes. With an email archiving solution, archived messages can be searched and retrieved in a matter of seconds or minutes, not weeks.

A similar scenario exists for data access requests under the EU´s General Data Protection Regulation. EU citizens now have the right to request details of any data that could be used to identify them, modify it where necessary, and erase it is there is justifiable cause. Businesses maintaining a database of EU citizens will find compliance with GDPR much easier by implementing cloud-based email archiving, which also has the benefit of complying with the regulations relating to data security.

Secure, Cloud-Based Email Archiving Resolves Storage Headaches

Considering the volume of emails now being sent, and the requirement for those emails to be kept for years in many cases, the space required for storing email is considerable. A recent report from Radicati Group suggests the average employee sends or receives 121 emails a day. For an organization with 500 employees that is 60,500 emails a day. With 22 working days each month, that amounts to 15,972,000 emails a year. Each of those emails may only be a few KB, but over a year the storage space required is substantial. Cloud-based email archiving not only allows millions of emails to be stored, there is no need for organizations to purchase any hardware for storage. All emails are securely stored in the cloud.

ArcTitan – Secure, Cloud-Based Email Archiving for Enterprises of All Sizes

The benefits of secure, cloud-based email archiving are clear. So what options are available that provide all of the benefits of cloud-based email archiving in an easy to use, cost effective package? To meet businesses’ email archiving needs, TitanHQ is offering ArcTitan – a secure, cloud-based email archiving solution that allows organizations to meet compliance requirements, search email archives quickly, and retrieve messages in minutes. ArcTitan has excellent scalability, and can be used for old email storage by companies with ten to 10,000+ email accounts.

Emails can be archived from anywhere at any time, and messages can be accessed via a mail client or browser. Furthermore, with a pay as you go subscription, cloud-based email archiving is affordable for businesses of all sizes.

Key Features of ArcTitan

  • Scalable, email archiving that grows with your business
  • Email data stored securely in the cloud on Replicated Persistent Storage on AWS S3
  • Lightning fast searches – Search 30 million emails a second
  • Rapid archiving at up to 200 emails a second
  • Automatic backups of the archive
  • Email archiving with no impact on network performance
  • Ensure an exact, tamperproof copy of all emails is retained
  • Easy data retrieval for eDiscovery
  • Protection for email from cyberattacks
  • Eliminate PSTs and other security risks
  • Facilitates policy-based access rights and role-based access
  • Only pay for active users
  • Slashes the time and cost of eDiscovery other formal searches
  • Migration tools to ensure the integrity of data during transfer
  • Seamless integration with Outlook
  • Supports, single sign-on
  • Save and combine searches
  • Perform multiple searches simultaneously
  • Limits IT department involvement in finding lost email – users can access their own archived email
  • Compliant with regulations such as HIPAA, SOX, GDPR, Federal Rules of Civil Procedure, etc.

To find out more about the benefits of ArcTitan, contact the TitanHQ sales team today!

Microsoft Warns Users of Change in Malware Distribution Tactics

Spammers and scammers are constantly updating their malware distribution tactics to ensure their malicious payloads are delivered to unsuspecting end users. However, Microsoft has spotted a major change to malware distribution tactics used by cybercriminals. The change has prompted the software giant to issue a new warning.

Malware, including ransomware, is commonly distributed via spam email. Links to malicious websites are used in an attempt to bypass spam filter controls; however, malicious attachments are the delivery mechanism of choice for many cybercriminal gangs. Malicious links are commonly blocked by web filtering solutions – WebTitan for example prevents all users from visiting websites known to be malicious.

To bypass spam filter controls, attachments rarely include the actual malware or ransomware files, instead the files contain scripts that download the malicious payload.

One of the most common methods of downloading malware is JavaScript code. JavaScript files are typically included in ZIP files. If the files are extracted and opened, the malicious code runs. A connection is opened to the attackers’ servers and malicious files are silently downloaded.

However, JavaScript files are not typically used by the majority of end users. These files are therefore not always opened. Furthermore, spam filters can identify JavaScript files even when they are included in compressed files. Later this month, Google will also start blocking emails with JavaScript attachments and will not allow them to be sent via Gmail.

Due to the ease at which these malicious downloaders are being identified, malware distribution tactics have been changed. Rather than use these suspect files, cybercriminals have switched to file types that are less obviously malicious. Microsoft has noticed a trend for using LNK files and SVG files containing malicious PowerShell scripts.

LNK files are Windows shortcut files which usually point to some form of executable file. SVG (Scalable Vector Graphics) files are image files, and are much more innocuous. These files are typically opened with image software such as Adobe Creative Suite or Illustrator.  Double clicking on these malicious LNK and SVG files will launch PowerShell scripts that download malware or ransomware.

Protecting against these types of attacks may seem fairly straightforward. It is possible, for example, to set restrictions on PowerShell commands to prevent them from running. However, even with restrictions in place, those policies can be easily bypassed. Intel Security has recently explained one such method: “PowerShell’s Get-Content can access the content of a .ps2 malware script and pass it to Invoke-Expression (iex) for execution.”

In the case of SVG files, it is relatively straightforward to include obfuscated JavaScript code in the image files. This JavaScript code may not be detected by software solutions and therefore could be delivered to end users’ inboxes.

There is of course an easy way to block these new malware distribution tactics. SpamTitan can be configured to block specific files attached to emails, preventing them from being delivered to end users. By implementing SpamTitan and blocking JavaScript Files, LNK files, and SVG files, organizations will be better protected against malware infections.

Since SVG, JavaScript, and LNK files are rarely sent in legitimate emails, blocking these attachments will not cause major disruption. Any individual or department that does use these files – IT or marketing for example – can be instructed to send the files via Dropbox or another file sharing platform.

Ransomware Attacks on British Schools Prompt Action Fraud to Issue Warning

Ransomware attacks on British schools have soared in recent weeks. The problem has become so serious that the British National Fraud and Cyber Crime Reporting Center, also known as Action Fraud, has issued a new ransomware warning to British schools.

Ransomware has grown in popularity with cybercriminals over the past 2 years, with attacks on organizations around the world soaring in 2016. 2017 may only be a few weeks old, but ransomware attacks are continuing at the high levels seen in 2016. Security experts predict that 2017 will see even more cyberattacks on schools and other educational institutions. Ransomware the attack method of choice.

Ransomware is a form of malware that encrypts data on a compromised system. A wide range of file types are locked with powerful encryption and a ransom demand is issued. If payment is made, the attackers claim they will supply the key to unlock the encryption. Without the key – the sole copy is held by the attackers – data will remain locked forever.

Some forms of ransomware have been cracked and free decryptors made available, but they number in the few. The majority of ransomware variants have yet to be cracked. Recovery depends on payment of the ransom or the wiping of the attacked system and restoration of files from backups.

While a standard charge per encrypted device was the norm early last year, ransomware is now more sophisticated. The attackers are able to set their payment demand based on the types of files encrypted, the extent of the infection, and the perceived likelihood of the victim paying up. Ransomware attacks on British schools have seen ransom demands of an average of £8,000 issued.

Ransomware Attacks on British Schools are Targeted, Not Random

Many ransomware attacks are random – Spam emails are sent in the millions in the hope that some of them reach inboxes and are opened by employees. However, ransomware attacks on British schools have seen a different approach used. Recent attacks have been highly targeted.

Rather than send emails out en masse, the spate of recent ransomware attacks on British schools start with a phone call. In order to find their target, the attackers call the school and ask for the email address of the head teacher. The email address is required because sensitive information needs to be sent that should only be read by the head teacher. Information such as mental health assessment forms and teacher guidance forms.

An email is then crafted and sent to the head teacher; addressed to that individual by name. While there are many types of ransomware emails, a number of recent ransomware attacks on British schools involved an email that appears to have been sent by the Department of Education. Other cases have involved the impersonation of the Department of Work and Pensions and telecom providers.

In the text of the email the attacker explains that they have sent some information in an attached file which is important and needs to be read. The attached file, usually in compressed format such as .ZIP or .RAR, contains files that install ransomware if opened.

These ransomware downloaders may be JavaScript files, Word or Excel macros, or a host of other file types.  In some cases, links are used instead of attachments. The links are masked so they appear to be official webpages; on the Department for Education website for example. In the case of links, they direct the recipient to a webpage containing an exploit kit or other form of file downloader. Just visiting that link could infect the user’s computer, mapped network drives, and portable storage devices.

How to Prevent Ransomware Attacks

Ransomware attacks on British schools can be highly sophisticated, although risk can be effectively mitigated.

  • Ensure all staff with computer access are made aware of the risk of ransomware attacks
  • Provide cybersecurity training to all staff, including how to identify ransomware and phishing emails
  • Never open attachments or visit links in emails sent from unknown senders
  • Implement a spam filter to capture and quarantine malicious spam emails
  • Use a web filtering solution to prevent staff members from visiting malicious links and from downloading ‘risky’ files
  • Ensure all software is kept up to date and patches are applied promptly
  • Keep all anti-virus and anti-malware solutions up to date, setting updates to occur automatically
  • Restrict the use of administrator accounts – Only use accounts with high levels of privileges for specific tasks

It is also essential to ensure that backups of all data are made on a daily basis and backup devices are disconnected after backups have been performed. Data should ideally be backed up to the cloud and on a physical backup device. In the event of an attack, data can then be recovered without paying the ransom.